Services Privacy Policy

1. Purpose website and mobile apps (collectively known here as ´ Services´) is offered by intraWork AS (intraWork). intraWork has contracted intraHouse AS (intraHouse) as operator of the Services as well as perform the required duties as their Data Controller. intraHouse will process personal data only for purposes that are objectively justified by Services and to perform the processing in accordance with privacy rights and regulations, including the need to protect personal integrity and private life and to ensure that personal data are of adequate quality.

Further it is the policy of both intraWork and intraHouse to adhere to local data privacy legislation as well as corporate policies and procedures and applicable privacy directives.

Processing may include collection, recording, alignment, storage, transfer and disclosure or a combination thereof. Services process personal data both as a processor and as a controller, as defined in the European General Data Protection Regulation (GDPR). For more information, including procedures involving the management of your personal data, please visit intraHouse´s Data Protection Policy here.

2. Categories of Personal data

The personal data are related to employees, customers, and customers of the customers, suppliers, complainants, correspondence, enquiries, visitors on Services´ webpages, and data subjects whose personal data is controlled by any of those listed. Services processes:

  1. Personal data on behalf of Services’ customers and
  2. Personal data where Services is data controller, which may include:
    1. Personal data on employees
    2. Information and assessments connected to other categories of personal data. It is the policy of Services to limit these data only to include contact details, strictly professional information and information related to the activities Services have performed in relation to the persons concerned. Services may collect, store, use and transfer personal data for specifically expressed purposes when the user visits Services’ internet page. Such purposes are in general daily operation of the system and communication.

3. Principle rules

When processing personal data Services will fulfill obligations:

  1. towards the data subjects
  2. towards public authorities; and
  3. towards customers and other controllers than Services with regard to how the processing is carried out.

The obligations are further detailed below.

  1. In relation to the data subject there are provisions in the applicable personal data act stipulating conditions for authorizing the processing. Consent from the data subject is normally a sufficient authorization. Dependent upon the data being sensitive or not, other conditions may authorize the processing. Furthermore, Services have an obligation to provide information to the data subject and upon request to provide access to the data. To ensure that personal data are of adequate quality, deficient personal data may be rectified.
  2. In relation to the public authorities the applicable Personal Data Act contains an obligation to give notification and - for some processing - an obligation to obtain a license.
  3. When Services is providing services to customers that include processing of personal data, such processing can only take place when there is a contractual basis for such processing.
  4. As regards the processing itself there are obligations with regard to data security and internal control. Organizational, physical and technical security measures shall be implemented to ensure adequate level of data security. The measures shall be in proportion to the probability and consequences of any breaches of security in order to prevent loss of life or health, economical loss or loss of reputation and personal integrity. The use of external resources to process personal data may be subject to specific provision of applicable Personal Data Act, as well as the transfer of data to other countries. Services will delete personal data when all purposes of the processing of the personal data are fulfilled. The retention time of each category of personal data is assessed in light of practical, technical and other considerations.

4. Audit programme

In order to verify that Services’ processing meets data protection and privacy requirements, Services and intraHouse will conduct audits according to Services’ standard audit regime.

5. Complaint Mechanisms

Complaints may be addressed to

Effective: 05/24/2018